我想在我的 spring 应用程序中使用 REST 服务。要访问该服务,我有一个客户端证书(自签名和 .jks 格式(用于授权。 针对其余服务进行身份验证的正确方法是什么?
这是我的要求:
public List<Info> getInfo() throws RestClientException, URISyntaxException {
HttpEntity<?> httpEntity = new HttpEntity<>(null, new HttpHeaders());
ResponseEntity<Info[]> resp = restOperations.exchange(
new URI(BASE_URL + "/Info"), HttpMethod.GET,
httpEntity, Info[].class);
return Arrays.asList(resp.getBody());
}
下面是如何使用 RestTemplate 和 Apache HttpClient 执行此操作的示例
您应该使用配置的 SSL 上下文定义自己的RestTemplate:
@Bean
public RestTemplate restTemplate(RestTemplateBuilder builder) throws Exception {
char[] password = "password".toCharArray();
SSLContext sslContext = SSLContextBuilder.create()
.loadKeyMaterial(keyStore("classpath:cert.jks", password), password)
.loadTrustMaterial(null, new TrustSelfSignedStrategy()).build();
HttpClient client = HttpClients.custom().setSSLContext(sslContext).build();
return builder
.requestFactory(new HttpComponentsClientHttpRequestFactory(client))
.build();
}
private KeyStore keyStore(String file, char[] password) throws Exception {
KeyStore keyStore = KeyStore.getInstance("PKCS12");
File key = ResourceUtils.getFile(file);
try (InputStream in = new FileInputStream(key)) {
keyStore.load(in, password);
}
return keyStore;
}
现在,此模板执行的所有远程调用都将使用cert.jks进行签名。注意:您需要将cert.jks放入类路径中
@Autowired
private RestTemplate restTemplate;
public List<Info> getInfo() throws RestClientException, URISyntaxException {
HttpEntity<?> httpEntity = new HttpEntity<>(null, new HttpHeaders());
ResponseEntity<Info[]> resp = restTemplate.exchange(
new URI(BASE_URL + "/Info"), HttpMethod.GET,
httpEntity, Info[].class);
return Arrays.asList(resp.getBody());
}
或者,您可以将证书导入 JDK 证书,所有使用 jdk(在您的例子中为 rest 模板(的 HTTP 客户端都将使用该证书进行 REST 调用。
keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts -file foo.cer -alias alias
PS:成功导入后不要忘记重新启动服务器。密钥库的默认密码 -changeit